ENGINE socket.error 8

[n3rdyguy]

After upgrading to 3.5.0 including RC1, i am getting this warning.
Installed on Windows 10

Traceback (most recent call last):
  File "cheroot\server.py", line 1300, in communicate
  File "cheroot\server.py", line 1090, in respond
  File "cheroot\wsgi.py", line 145, in respond
  File "cheroot\wsgi.py", line 231, in write
  File "cheroot\server.py", line 1146, in write
  File "cheroot\makefile.py", line 438, in write
  File "cheroot\makefile.py", line 36, in write
  File "cheroot\makefile.py", line 45, in _flush_unlocked
  File "socket.py", line 723, in write
  File "ssl.py", line 1205, in send
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2384)

[sanderjo]

i am getting this warning.

When? How? Reproducible?

[thezoggy]

EOF - we've talked about this before: #1982

I've been seeing these for so long now (prob some setting where browser has to figure out to nego what ssl and tries older ssl in the process), keep hoping that newer python+cherrypy would allow to stop them from bubbling up but it never happens:

2022-02-09 17:42:45,575::DEBUG::[interface:132] Request GET / from 192.168.0.2 [Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0] {}
2022-02-09 17:42:45,775::INFO::[notifier:123] Sending notification: Warning - [09/Feb/2022:17:42:45] ENGINE socket.error 8
Traceback (most recent call last):
  File "cheroot\server.py", line 1300, in communicate
  File "cheroot\server.py", line 1090, in respond
  File "cheroot\wsgi.py", line 145, in respond
  File "cheroot\wsgi.py", line 231, in write
  File "cheroot\server.py", line 1146, in write
  File "cheroot\makefile.py", line 438, in write
  File "cheroot\makefile.py", line 36, in write
  File "cheroot\makefile.py", line 45, in _flush_unlocked
  File "socket.py", line 723, in write
  File "ssl.py", line 1205, in send
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2384)
 (type=warning, job_cat=None)
2022-02-09 17:42:45,775::WARNING::[_cplogging:213] [09/Feb/2022:17:42:45] ENGINE socket.error 8
Traceback (most recent call last):
  File "cheroot\server.py", line 1300, in communicate
  File "cheroot\server.py", line 1090, in respond
  File "cheroot\wsgi.py", line 145, in respond
  File "cheroot\wsgi.py", line 231, in write
  File "cheroot\server.py", line 1146, in write
  File "cheroot\makefile.py", line 438, in write
  File "cheroot\makefile.py", line 36, in write
  File "cheroot\makefile.py", line 45, in _flush_unlocked
  File "socket.py", line 723, in write
  File "ssl.py", line 1205, in send
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2384)

with firefox, if i just open up a new tab and go to sab's ip.. it generates the EOF traceback.

and on side note, if you have sab exposed to the internet you will see things also like these (due to probes):

 [06/Feb/2022:08:22:45] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "cheroot\server.py", line 1823, in serve
  File "cheroot\connections.py", line 203, in run
  File "cheroot\connections.py", line 246, in _run
  File "cheroot\connections.py", line 300, in _from_server_socket
  File "cheroot\ssl\builtin.py", line 277, in wrap
  File "ssl.py", line 512, in wrap_socket
  File "ssl.py", line 1070, in _create
  File "ssl.py", line 1341, in do_handshake
ssl.SSLError: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:997)

[06/Feb/2022:03:23:02] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "cheroot\server.py", line 1823, in serve
  File "cheroot\connections.py", line 203, in run
  File "cheroot\connections.py", line 246, in _run
  File "cheroot\connections.py", line 300, in _from_server_socket
  File "cheroot\ssl\builtin.py", line 277, in wrap
  File "ssl.py", line 512, in wrap_socket
  File "ssl.py", line 1070, in _create
  File "ssl.py", line 1341, in do_handshake
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:997)

 [08/Feb/2022:06:54:27] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "cheroot\server.py", line 1823, in serve
  File "cheroot\connections.py", line 203, in run
  File "cheroot\connections.py", line 246, in _run
  File "cheroot\connections.py", line 300, in _from_server_socket
  File "cheroot\ssl\builtin.py", line 277, in wrap
  File "ssl.py", line 512, in wrap_socket
  File "ssl.py", line 1070, in _create
  File "ssl.py", line 1341, in do_handshake
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:997)

ideally people should put sab behind reverse proxy since for whatever reason we cant suppress these tracebacks from drivebys :/

[thezoggy]

@Safihre somewhat related to follow up on cherrypy/cheroot#346
can you re-test with cheroot 8.6.0 (which is what we are using) as it looks like to me they never fixed it

[zeus65]

I've also got this error, Using sab version 3.5.1 on mac, Not sure how to update Cheroot?

[upmg]

Hello,
I also have this issue:

SAB Version: | 3.5.3 [bca9f3b]
Python Version: 3.10.2 (v3.10.2:a58ebcc701, Jan 13 2022, 14:50:16) [Clang 13.0.0 (clang-1300.0.29.30)] [UTF-8]
OpenSSL: OpenSSL 1.1.1m 14 Dec 2021

Any ideas on a way to fix?

Re-occurs on every startup of SABnzbd, thanks

[thezoggy]

It's outside of sabs control, we have bugs filed with cherrypy (web framework we use).

[upmg]

@thezoggy Thanks, sab seems to work regardless of the errors being thrown up, so it doesnt seem to break anything?

[thezoggy]

Correct, just cosmetic from the user prov. We just sadly can't handle it in sab to hide it.

[thezoggy]

to follow upon this.

running sab dev code via git on win10, on the login page if i shift+refresh or on logout it will generate the traceback with:

2022-04-20 19:22:21,215::WARNING::[_cplogging:213] [20/Apr/2022:19:22:21] ENGINE socket.error 8
Traceback (most recent call last):
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1300, in communicate
    req.respond()
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1090, in respond
    self.server.gateway(self).respond()
  File "c:\Python310\lib\site-packages\cheroot\wsgi.py", line 145, in respond
    self.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\wsgi.py", line 231, in write
    self.req.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1146, in write
    self.conn.wfile.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 438, in write
    res = super().write(val, *args, **kwargs)
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 36, in write
    self._flush_unlocked()
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 45, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "c:\Python310\lib\socket.py", line 723, in write
    return self._sock.send(b)
  File "c:\Python310\lib\ssl.py", line 1205, in send
    return self._sslobj.write(data)
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2384)

in SABnzbd.py - attach_server, tried changing the ssl_module from builtin to pyopenssl but no change.

in SABnzbd.py - main,

        cherrypy.config.update(
            {
                "server.ssl_module": "builtin",

sab wouldnt start because lib wasnt installed, installed.

now instead of SSLEOFError it instead shows:

2022-04-20 19:24:40,808::ERROR::[_cplogging:213] [20/Apr/2022:19:24:40] ENGINE SysCallError(10053, 'WSAECONNABORTED')
Traceback (most recent call last):
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1300, in communicate
    req.respond()
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1090, in respond
    self.server.gateway(self).respond()
  File "c:\Python310\lib\site-packages\cheroot\wsgi.py", line 145, in respond
    self.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\wsgi.py", line 231, in write
    self.req.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\server.py", line 1146, in write
    self.conn.wfile.write(chunk)
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 438, in write
    res = super().write(val, *args, **kwargs)
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 36, in write
    self._flush_unlocked()
  File "c:\Python310\lib\site-packages\cheroot\makefile.py", line 45, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "c:\Python310\lib\socket.py", line 723, in write
    return self._sock.send(b)
  File "c:\Python310\lib\site-packages\OpenSSL\SSL.py", line 1815, in send
    self._raise_ssl_error(self._ssl, result)
  File "c:\Python310\lib\site-packages\OpenSSL\SSL.py", line 1692, in _raise_ssl_error
    raise SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (10053, 'WSAECONNABORTED')

~ seems like using pyopenssl caused it to report sslerrors a lot more frequent than when we use builtin

looking back at bug notes, in python3.9:

py 3.9:
 - bpo-31122: ssl.wrap_socket() now raises ssl.SSLEOFError rather than
   OSError when peer closes connection during TLS negotiation

found:
https://groups.google.com/g/cherrypy-users/c/ghrUwoyYKgI

reverted back to builtin, and tried to monkey patch to just hide the error. since server was pulled out you actually have to do cheroot.server to get to ssl_adapters

try:
    class PatchBuiltinSSLAdapter(BuiltinSSLAdapter):
        def wrap(self, sock):
            try:
                s, env = super(PatchBuiltinSSLAdapter, self).wrap(sock)
            except ssl.SSLError, e:
                if e.errno != ssl.SSL_ERROR_SSL or \
                   not e.args[1].startswith('EOF'):
                    raise
                s, env = None, {}
            return s, env
except:
    pass

but sadly no luck. tried a few variations but no luck.

looking at cheroot code, can see that cheroot.server has a list of errors to ignore socket_errors_to_ignore
https://github.com/cherrypy/cheroot/blob/master/cheroot/server.py#L1069

from cheroot import errors
print(errors.socket_errors_to_ignore)

this is platform specific, on win10 this results in:
https://github.com/cherrypy/cheroot/blob/master/cheroot/errors.py#L40

[32, 10052, 10053, 10054, 9, 10060, 10061, 10064, 10065, 10038, 10009, 'timed out', 'The read operation timed out']

can see 10053 should be ignored...

tried adding, but no change:

errors.socket_errors_to_ignore.append("EOF")
errors.socket_errors_to_ignore.append("SSLEOFError")

no matter what I tried it would not stop sab from seeing it.

[puzzledsab]

Did you try to import ssl in the file where you are trying to catch the error?

[thezoggy]

This issue is being addressed in a recent cheroot patch for issue

cherrypy/cheroot#517

Waiting for this to land
cherrypy/cheroot#518

[thezoggy]

to add to this, lsio docker updated to newer alpine and with it came openssl 3.x which now people are seeng

 ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)

linuxserver/docker-sabnzbd#171

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.